[v15] Introduce long-lived SSH proxy for Machine ID (#42592) #42761

Merged
merged 1 commit into from
Jun 12, 2024


strideynet
Contributor

Backports #42592

changelog: Introduces the new Machine ID ssh-multiplexer service for significant improvements in SSH performance.

* Skeleton out SSHProxyService

* Skeleton out actual service implementation

* Simple unit tests for yaml/validation

* Add main config file unit test

* Crudely copy in the connection handle code

* Copy in basic setup code

* Add rudimentary "dial cycler"

* Tidy up handling of listener closure

* Add basic prometheus metrics

* Add ssh proxy command connect

* Fix crashes

* Make session resumption enabled by default

* Use `utils.ProxyConn`

* last few changes before I convert to socks5

* Rename socket

* Add support for loading proxy templates

* Tidy up logging

* rename to multiplexer

* Fix up a few bits

* Generate artifacts on initial start

* Support specifying command and subcommand

* Add identity generation and renewal to ssh multiplexer

* Tidy up code post-identity generation

* Tidy up logging for connection multiplexing/proxying

* Americanize spellings

* Info( -> InfoContext(

* stash

* Replace low-level cycler with higher-level but broken cycler

* Remove reference to grpcClientConnInterfaceCloser

* minor tweaks and fixes to the cycler

* Fix lone tab in the ssh_config template

* Better metrics

* Fix ineff assign

* Simplify config for custom muxcommand

* Start writing test

* Fix broken fdpass

* Potentially flaky but working test

* Switch to NULL delimited

* Tidy up tests

* Remove commented out code

* Drain buffer after the conn resumption has been enabled

* Change socket name to `v1.sock`

* Switch away from JSON

* Switch to ProxyCommand style config for overrides

* Switch to `filepath`

* Update lib/tbot/service_ssh_multiplexer.go

Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>

* Update lib/tbot/ssh/ssh.go

Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>

* Update lib/tbot/service_ssh_multiplexer.go

Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>

* Absolute paths

* Remove unused dep

* Update lib/tbot/service_ssh_multiplexer.go

Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>

* Update lib/tbot/ssh/ssh.go

Co-authored-by: Tim Buckley <tim@goteleport.com>

* Drain buffer as part of proxying goroutine

* Fix missing godoc

* Missing godoc

* Add test for connection cycler

* Update lib/tbot/service_ssh_multiplexer.go

Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>

* Simpler buffer draining

* Fix race in test

* More generous time outs

---------

Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
Co-authored-by: Tim Buckley <tim@goteleport.com>
@strideynet strideynet added this pull request to the merge queue Jun 12, 2024
Merged via the queue into branch/v15 with commit 128aadd Jun 12, 2024
35 checks passed
@strideynet strideynet deleted the strideynet/v15/backport-42592 branch June 12, 2024 08:29
4 participants